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Dear Members of Saint Ambrose: 

I hope and pray you, and your loved ones, had a very blessed Easter! There was certainly an amazing energy and 
Spirit as we celebrated the joy of the Risen Christ in our renewed Church. As I shared on Easter, my prayer is 
that this holy place will always be our 'home' where we can all find the wisdom, strength, light and peace of the 
Lord. God bless you for your continued support for our parish that allows us to do all the good things we do 
together for the Lord and our community. 

On Wednesday of Holy Week, I received some very difficult news that I need to share with you this weekend 
at Mass, and by way of this letter. Our Vision 2020 Team has been working hand in hand with Marous Brothers 
Construction to renew our Church. By all accounts, the project has been going extremely well - both on time 
and on budget. On Wednesday, Marous Brothers called inquiring as to why we had not paid our monthly 
payment on the project for the past two months totaling approximately $1,750,000. This was shocking news to 
us, as we have been very prompt on our payments every month and have received all the appropriate 
confirmations from the bank that the wire transfers of money to Marous were executed/confirmed. I contacted 
the Brunswick Police, our bank, Marous Brothers, and the Diocese immediately, and the FBI was also brought in. 
Upon a deeper investigation by the FBI, we found that our email system was hacked and the perpetrators were 
able to deceive us into believing Marous Brothers had changed their bank and wiring instructions. The result is 
that our payments were sent to a fraudulent bank account and the money was then swept out by the 
perpetrators before anyone knew what had happened. Needless to say, this was very distressing information. 

We are now working closely with the Diocese, legal counsel, the insurance program, and the FBI to investigate 
the situation further and file the appropriate insurance claims. At the same time, we brought in information 
technology consultants to review the security and stability of our system, change all passwords, and verify the 
integrity of our databases and other pertinent information. They have determined the breach was limited to 
only two email accounts. 

The FBI investigation will continue. We are working closely with the Diocese and its insurance program to file a 
claim in the hopes that Marous Brothers Construction can receive their payment quickly and we can bring this 
important project for our parish to a positive completion. Needless to say, I have been sick about the situation 
and am working as hard as possible to address every aspect of this problem. I am sure you may also have 
further questions and thus the back side of this letter addresses additional points. As things develop, I will 
continue to update you. 

Please know how very sorry I am that this has occurred in our parish community. If l/we had any idea, any 
clue, any information that the money was not being sent to the right account, we would have addressed it 
immediately. I pray that this will not diminish the joy of our renewed Church, or your support for our parish 
community. Throughout the Triduum and Easter, I have been praying mightily that the Light will shine through 
the darkness of this situation and that God will give us the grace and strength to walk forward in faith and hope. 

Please pray for God's strength and guidance for all involved in this situation, and that God will provide 
encouragement and strength to walk our parish forward. 

On this Divine Mercy Sunday, may each of us know the mercy and compassion of the Lord. Be assured of my 
prayers now and always. 



Father Bob Stec 
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How did this happen? 

There's no quick and easy answer to this question, but in short, the perpetrator (unbeknownst to us) 
gained access to two employee email accounts which were used to deceive the parish and perpetrate the 
fraud. To the best of our knowledge, only these two transactions between MBC and SA were involved and 
impacted. 

What can we do to make sure this never happens again? 

While we regularly change passwords and make sure our firewalls, etc. are up-to-date, we are reviewing 
our systems and our strategy to protect our parish and its records. Our parish works with a very qualified 
information technology consultant who serves many parishes in the Diocese and they have just completed 
a review of our system and assured us we are using strong firewalls/protection. That said, while we are 
already proactive in our practices, we are also in the process of engaging another firm who are experts in IT 
security to do a complete independent review of our system and all our procedures. I can assure you that 
we are also reviewing our cash disbursement procedures and, at a minimum, will be returning to sending 
manual checks instead of wire transfers to address our financial obligations. 

Were any parish databases breached? 

After reviewing our systems, to the best of our knowledge, only the email system was 
breached/compromised. Our parish database is stored in a secure cloud-based system. This allows for 
many layers of security/protection of our parish database information. 

What about my Automatic Giving Information? 

The automated giving program is done through KeyBank. Their systems and storage of information is 
totally independent of the St. Ambrose systems and thus were not exposed, in any way, as a result of this 
issue. KeyBank maintains state-of-the art security and is required to do so contractually by our 
arrangement with them. As noted above, no personal financial information (credit card/ACH) is stored on 
the Saint Ambrose computer systems. Your credit card and bank information were not compromised. 

Will insurance cover the stolen money? 

The Diocese has been working to prepare our insurance claim which was submitted late last week. We are 
hopeful that the claim will be successful and allow us to address our financial obligation to Marous 
Brothers Construction in a timely way. I will certainly keep you updated as to the progress of the 
processing of the insurance claim. 

What happens with the construction project? 

We are working with Marous Brothers Construction to complete the project. There's about four more 
weeks of work to complete the front columns/entry, south entrance, and chapel, along with the punch list. 

Some good reminders: 

• Hackers are constantly sending spam, phishing, and social engineered messages asking for money 
and information. Saint Ambrose will never ask for gift cards, money, or your personal information 
to be given to us by email or by phone. 

• Always check the email addresses of any email you receive to make sure that it is an authentic and 
recognized email (e.g. all parish email comes from: first initial and full last name @StAmbrose.us). 
Always check to ensure that the "From" name matches the sender's email address. 

• If you ever have a question, or receive an email that looks questionable from Saint Ambrose, 
please be quick to call and ask for verification and guidance. 

This letter and Q/A are based on the information we have as of April 27, 2019. If you have 
additional questions, please join us on Wednesday, May 1 at 7 pm in the Mother Teresa Room. 
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